Application No.: 10/788,417 

I. Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

A. Listing of Claims 

1. (Currently Amended) A method for authenticating validity of validating a public key
certificate in compliance with a request, in a validation authority apparatus for certificates, said method
comprising: by a computer in a public key infrastructure composed of a plurality of certificate authorities
including an end entity certificate issuing authority, wherein

a step of searching for paths and validating the paths searched for, beforehand;

a path registration step of classifying the paths on the basis of a predetermined criterion in
accordance with results of the searches and validations, and registering the classified paths in a database;

a validity authentication step of receiving the request for authenticating the validity of the public
key certificate, from a terminal device, and validating the public key certificate by using the paths
registered beforehand

the end entity certificate issuing authority issues to an end entity a public key certificate used for 
validating a signature generated by an end entity apparatus operated by the end entity,

the method comprises: 

a path registration step of registering in a database a valid path extending from a 
certificate authority being a start certificate authority to any end entity certificate issuing authority,

a certificate validation step of receiving a certificate validation request for a public key 
certificate issued by any end entity certificate issuing authority, judging the validity of the public key 
certificate of which the certificate validation has been requested using information registered in the 
database, and outputting a result of the judgment,

the path registration step and the certificate validation step are executed by the computer
independently of one another,

the path registration step comprises the following steps executed by the computer: 

step 1) searching a path extending from the start certificate authority to the end entity 
certificate issuing authority which is the end of the path;

step 2) validating the path searched in step 1; and

step 3) registering the path which has been validated in step 2 as a valid path in the
database, and

the certificate validation step comprises the following steps executed by the computer: 

step 4) checking whether there is registered in the database a path specified by the request 
for certification validation, the path extending from the start certificate authority being the trust anchor of 
an originator of the request for certificate validation to the end entity certificate issuing authority which 
has issued the public certificate of which the certificate validation has been requested, and which is the 
end of the path,

step 5) if the checked path is registered in the database as the valid path in step 4,
validating a signature of the public key certificate of which the certificate validation is requested, by using 
the public key certificate issued to the end entity certificate issuing authority being the end of the checked 
path, and if validation of the signature is successful, judging that the public key certificate of which the 
certificate validation has been requested is valid and outputting a result of the judgment;

step 6) if the checked path is not registered in the database as the valid path in step 4,
searching a path that includes a partial path from the start certificate authority being the trust anchor to the 
end entity certificate issuing authority which has issued the public key certificate of which certificate 
validation is requested and which is the end of the path, and that extends from the start certificate 
authority being the trust anchor to the end entity which is an issue destination of the public key certificate 
of which certificate validation is requested;

step 7) in the searching step in step 6, if the path extending from the start certificate
authority being the trust anchor to the end entity being the issue destination of the public key certificate of 
which certificate validation is requested is detected, validating the path that includes the partial path and 
extends from the start certificate authority being the trust anchor to the end entity being the issue 
destination of the public key certificate of which certificate validation is requested; 

step 8) judging the validity of the public key certificate of which certificate validation is 
requested based on the validation result in step 7 and outputting a result of the judgment; and 

step 9) registering the partial path included in the path validated in step 7 into the 
database as a valid path.

2. (Currently Amended) A method for authenticating validity of a public key certificate as
defined in according to claim 1, wherein: further comprising step 10 executed by the computer, in which

in a case where, at the validity authentication step, any valid path corresponding to the validity
authentication request is not registered, path search and validation are performed anew, thereby to
authenticate the validity of the public key certificate if the specified path is not detected in step 6 of the
certificate validation step, judging that the public key certificate of which certificate validation is
requested is not valid, and outputting the result of the judgment.

3. (Currently Amended) [[A]] The method for authenticating validity of a public key certificate
as defined in of claim 1, wherein: further comprising the following steps executed by the computer:

the predetermined criterion at the path registration step classifies the paths into valid paths and
invalid paths in accordance with the results of the validations; and

in a case where, at the validity authentication step, a path corresponding to the validity
authentication request is registered as the valid path or the invalid path in the database, authentication of
the validity of the public key certificate in the request is performed in accordance with the registered

step 11) validating a revocation list issued by the end entity certificate issuing authority as to the
public key certificate issued by the end entity certificate issuing authority in step 2 by using the public key
certificate issued to the end entity certificate issuing authority;

step 12) if the validation in step 11 is successful, registering the revocation list as a valid
revocation list in the database, in association with the valid path to be registered in step 3;

step 13) as the public key certificate issued by the end entity certificate issuing authority which is
the end of the partial path in step 7, validating the revocation list issued by the end entity certificate
issuing authority by using the public key certificate issued to the end entity certificate issuing authority;

step 14) if the validation in step 13 is successful, registering the revocation list as a valid
revocation list in the database in association with the partial path to be registered in the database in step 9.

4. (Currently Amended) [[A]] The method for authenticating validity of a public key certificate
as defined in of claim 3, further comprising the following steps executed by the computer:

step of performing path validation in compliance with the validity authentication request so as to
check if the pertinent public key certificate and the pertinent path observe any constraint item, in a case
where, at the validity authentication step, the constraint item is described in the pertinent public key
certificate or any public key certificate included in the pertinent path, although the path corresponding to
the validity authentication request is registered as the valid path; and

step of judging the pertinent path as a valid path if the constraint item is observed

step 15) checking in step 5, whether the public key certificate of which the certificate validation is
requested is invalid or not, using the valid revocation list which has been registered in association with the
checked path; and

step 16) if the signature validation in step 5 is successful and the public key certificate of which
the validation is requested is valid in step 15, judging that the public key certificate of which certificate
validation is requested is valid, and if the signature validation is failed, or the public key certificate of
which the validation is requested is invalid, judging that the public key certificate of which certificate
validation is requested is not valid.

5. (Currently Amended) [[A]] The method for authenticating validity of a public key certificate
as defined in claim 3 of claim 1, further comprising step 17 executed by the computer, in which:

step of performing path validation in compliance with the validity authentication request so as to
check if the pertinent public key certificate and the pertinent path observe any policy of an electronic
procedure, in a case where, at the validity authentication step, the policy is described in the validity
authentication request, the pertinent public key certificate or any public key certificate included in the
pertinent path, although the path corresponding to the validity authentication request is registered as the
valid path; and

step of judging the pertinent path as a valid path in a case where the policy is observed

if the path checked in step 4 of the certificate validation step is registered as the valid path in the
database, checking in step 5 whether the public key certificate of which the certificate validation is
requested or any other public key certificates issued by other certificate authorities included in the
checked path includes any constraint item;

if the path includes any constraint item, checking whether the checked path observes the
constraint; and

if the path observes the constraint, judging that the public key certificate of which the certificate
validation is requested is valid.

6. (Currently Amended) [[A]] The method for authenticating validity of a public key certificate
as defined in claim 3, wherein the path registration step comprises method of claim 1, further comprising
step 18 executed by the computer, in which:

step of searching for each path which extends from a trust anchor certificate authority to a
certificate authority that issues an end entity certificate; step of acquiring and validating a certificate
revocation list which concerns the end entity certificate, and which is issued by the certificate authority
that issues the pertinent end entity certificate; and

step of registering the certificate revocation list together with a validation result thereof

if the path checked in the step 4 of the certificate validation step is registered in the database as
the valid path, checking in step 5, whether the certificate validation request includes any policy and
checking whether the public key certificate of which the certificate validation is requested or other public
key certificates issued by any other certificate authorities included in the checked path satisfies the policy
included in the certificate validation request; and

if the public key certificate of which the certificate validation is requested or other public key
certificates satisfies the policy, judging that the public key certificate of which the certificate validation is
requested is valid.

7. (Currently Amended) A method for authenticating validating validity of a public key
certificate as defined in claim 6, wherein:

in a case where, at the validity authentication validation step, the path corresponding to the
validity authentication validation request is registered as the valid path in the database, it is authenticated
validated without validating the certificate revocation list that the pertinent public key certificate is not
revoked.




8. (New) A product comprising at least one computer readable storage medium bearing 
instructions, said instructions, when executed, being arranged to cause at least one processor to perform 
steps for validating a public key certificate by a computer in a public key infrastructure composed of a 
plurality of certificate authorities including an end entity certificate issuing authority, the steps
comprising:

registering in a database a valid path extending from a certificate authority being a start 
certificate authority to any end entity certificate issuing authority, 

receiving a certificate validation request for a public key certificate issued by any end 
entity certificate issuing authority, 

judging the validity of the public key certificate of which the certificate validation has 
been requested using information registered in the database, and 

outputting a result of the judgment, wherein: 

the path registration step and the step of judging certificate validity are executed by the 
computer independently of one another, and 

the path registration step comprises: 

step 1) searching a path extending from the start certificate authority to the end entity 
certificate issuing authority which is the end of the path; 

step 2) validating the path searched in step 1; and 

step 3) registering the path which has been validated in step 2 as a valid path in the
database, and

the step of judging certificate validity comprises: 

step 4) checking whether there is registered in the database a path specified by the request 
for certification validation, the path extending from the start certificate authority being the trust anchor of 
an originator of the request for certificate validation to the end entity certificate issuing authority which 
has issued the public certificate of which the certificate validation has been requested, and which is the 
end of the path, 

step 5) if the checked path is registered in the database as the valid path in step 4,
validating a signature of the public key certificate of which the certificate validation is requested, by using
the public key certificate issued to the end entity certificate issuing authority being the end of the checked
path, and if validation of the signature is successful, judging that the public key certificate of which the
certificate validation has been requested is valid and outputting a result of the judgment; 

step 6) if the checked path is not registered in the database as the valid path in step 4, 
searching a path that includes a partial path from the start certificate authority being the trust anchor to the 
end entity certificate issuing authority which has issued the public key certificate of which certificate 
validation is requested and which is the end of the path, and that extends from the start certificate 
authority being the trust anchor to the end entity which is an issue destination of the public key certificate 
of which certificate validation is requested; 

step 7) in the searching step in step 6, if the path extending from the start certificate 
authority being the trust anchor to the end entity being the issue destination of the public key certificate of 
which certificate validation is requested is detected, validating the path that includes the partial path and 
extends from the start certificate authority being the trust anchor to the end entity being the issue
destination of the public key certificate of which certificate validation is requested; 

step 8) judging the validity of the public key certificate of which certificate validation is 
requested based on the validation result in step 7 and outputting a result of the judgment; and 

step 9) registering the partial path included in the path validated in step 7 into the 
database as a valid path. 

9. (New) A product according to claim 8, further comprising step 10 executed by the computer, 
in which 

if the specified path is not detected in step 6 of the certificate validation step, judging that the 
public key certificate of which certificate validation is requested is not valid, and outputting the result of 
the judgment. 

10. (New) The computer readable medium of claim 8, further comprising the following steps
executed by the computer: 

step 11) validating a revocation list issued by the end entity certificate issuing authority as to the 
public key certificate issued by the end entity certificate issuing authority in step 2 by using the public
key certificate issued to the end entity certificate issuing authority; 

step 12) if the validation key certificate in step 11 is successful, registering the revocation list as a
valid revocation list in the database, in association with the valid path to be registered in step 3; 

step 13) as the public key certificate issued by the end entity certificate issuing authority which is 
the end of the partial path in step 7, validating the revocation list issued by the end entity certificate 
issuing authority by using the public key certificate issued to the end entity certificate issuing authority; 

step 14) if the validation in step 13 is successful, registering the revocation list as a valid 
revocation list in the database in association with the partial path to be registered in the database in step 9. 

11. (New) The computer readable medium of claim 10, further comprising the following steps 
executed by the computer: 

step 15) checking in step 5, whether the public key certificate of which the certificate validation is 
requested is invalid or not, using the valid revocation list which has been registered in association with the 
checked path; and 

step 16) if the signature validation in step 5 is successful and the public key certificate of which 
the validation is requested is valid in step 15, judging that the public key certificate of which certificate 
validation is requested is valid, and if the signature validation is failed, or the public key certificate of 
which the validation is requested is invalid, judging that the public key certificate of which certificate 
validation is requested is not valid. 

12. (New) The product of claim 10, further comprising step 17 executed by the computer, in which:

if the path checked in step 4 of the certificate validation step is registered as the valid path in the
database, checking in step 5 whether the public key certificate of which the certificate validation is 
requested or any other public key certificates issued by other certificate authorities included in the 
checked path includes any constraint item; 

if the path includes any constraint item, checking whether the checked path observes the 
constraint; and 

if the path observes the constraint, judging that the public key certificate of which the certificate 
validation is requested is valid. 

13. (New) The product of claim 10, further comprising step 18 executed by the computer, in which:

if the path checked in the step 4 of the certificate validation step is registered in the database as 
the valid path, checking in step 5, whether the certificate validation request includes any policy and 
checking whether the public key certificate of which the certificate validation is requested or other public 
key certificates issued by any other certificate authorities included in the checked path satisfies the policy 
included in the certificate validation request; and 

if the public key certificate of which the certificate validation is requested or other public key 
certificates satisfies the policy, judging that the public key certificate of which the certificate validation is 
requested is valid. 

14. (New) A product as defined in claim 13, wherein: 

in a case where, at the validity validation step, the path corresponding to the validity validation 
request is registered as the valid path in the database, it is validated without validating the certificate
revocation list that the pertinent public key certificate is not revoked. 
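
The control flow of steps 1 to 10 recited in claims 1, 2, 8 and 9, as an added illustration that is not part of the application or of the applicant's implementation. Assumptions: an HMAC stands in for a public-key signature so the sketch runs with the standard library only; all class, function and CA names are hypothetical; revocation lists, constraint items and policies (steps 11 to 18) are left out.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key: bytes  # subject's key; an HMAC key stands in for a key pair (assumption)
    sig: bytes  # issuer's MAC over issuer, subject and key, standing in for a signature

def _mac(k, issuer, subject, key):
    return hmac.new(k, f"{issuer}|{subject}|".encode() + key, hashlib.sha256).digest()
def issue(issuer, issuer_key, subject, key):
    return Cert(subject, issuer, key, _mac(issuer_key, issuer, subject, key))
def sig_ok(cert, issuer_key):
    return hmac.compare_digest(cert.sig, _mac(issuer_key, cert.issuer, cert.subject, cert.key))

class ValidationAuthority:
    def __init__(self, anchors, ca_certs):
        self.anchors = anchors    # trust anchor name -> key
        self.ca_certs = ca_certs  # CA-to-CA certificates available for path search
        self.db = {}              # (anchor, issuing CA) -> validated path (tuple of Cert)

    def _search(self, anchor, target):  # steps 1 and 6; returns None when no path exists
        stack = [(anchor, ())]
        while stack:
            name, path = stack.pop()
            if name == target and path:
                return path
            stack += [(c.subject, path + (c,)) for c in self.ca_certs if c.issuer == name
                      and c.subject != anchor and all(c.subject != p.subject for p in path)]

    def _path_ok(self, anchor, path):  # steps 2 and 7: each cert verifies under its issuer's key
        keys = [self.anchors[anchor]] + [c.key for c in path]
        return all(sig_ok(c, k) for c, k in zip(path, keys))

    def register_paths(self, anchor):  # steps 1-3, run independently of any request
        for target in {c.subject for c in self.ca_certs}:
            path = self._search(anchor, target)
            if path and self._path_ok(anchor, path):
                self.db[(anchor, target)] = path

    def validate(self, anchor, ee):  # steps 4-10 for one validation request
        path = self.db.get((anchor, ee.issuer))                        # step 4
        if path is not None:                                           # step 5
            return sig_ok(ee, path[-1].key), "registered path"
        path = self._search(anchor, ee.issuer)                         # step 6
        if path is None:                                               # step 10
            return False, "no path"
        ok = self._path_ok(anchor, path) and sig_ok(ee, path[-1].key)  # steps 7-8
        if ok:
            self.db[(anchor, ee.issuer)] = path                        # step 9
        return ok, "searched on request"

def demo():  # constructed hierarchy: Root -> Bridge -> IssuingCA; CA2 appears after registration
    repo = [issue("Root", b"rk", "Bridge", b"bk"), issue("Bridge", b"bk", "IssuingCA", b"ik")]
    va = ValidationAuthority({"Root": b"rk"}, repo)
    va.register_paths("Root")
    repo.append(issue("Root", b"rk", "CA2", b"ck"))    # va.ca_certs is this same list
    alice = issue("IssuingCA", b"ik", "alice", b"ak")
    bad = issue("IssuingCA", b"not-ik", "bad", b"xk")  # signed with the wrong key
    bob = issue("CA2", b"ck", "bob", b"ok")
    return va, [va.validate("Root", c) for c in (alice, bad, bob, bob)]
```

On a registered path only the end entity certificate's signature is checked per request; the chain itself was validated at registration time, so a registered entry that has gone stale is trusted until it is re-registered.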